DDoS Archive

Trigger-happy attackers looking for additional ways to bring websites to their knees by means of a DoS attack have been given another tool that can aid in their efforts: FlashFlood.

The creator of the JavaScript in question is Robert Hansen, the VP of WhiteHat Labs at WhiteHat Security, who published a prototype of the script on Tuesday.

“It works by sending tons of HTTP requests using different parameter value pairs each time, to bypass caching servers like Varnish,” Hansen explained, but pointed out that attackers who wished to remain anonymous should trick other people into executing the code, as the defenders can pinpoint the IP address from which the flooding is coming.

By itself, the script is not enough to bring down most websites, but is designed to add strain on a system that is already under attack via other means.

Heavy database-driven sites, Drupal installations included, are ideal targets for attackers wielding this tool if they rely on a caching layer to protect themselves: every request carrying a query string the cache has not seen before is a cache miss that goes all the way to the origin and its database.
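What that cache-busting pattern looks like from the defender's side, and how a cache layer can neutralise it, is shown in the following added example. It is not FlashFlood itself, nor any Varnish code: it parses constructed Common Log Format lines, flags a client whose requests to one path carry an unusual number of distinct query strings (the fingerprint of a tool varying parameters to force cache misses), and rebuilds request URLs so that only whitelisted parameters survive into the cache key. The log lines, IP addresses, the parameter whitelist and the thresholds are constructed for illustration.

```python
"""Added example (not FlashFlood, nor Varnish code): spotting a cache-busting
HTTP flood in access logs and collapsing it at the cache key."""
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed Common Log Format lines; sample data, not a real log.
# 203.0.113.7 hammers one page with a fresh random parameter each time,
# 198.51.100.2 is an ordinary visitor paging through the same node.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Dec/2014:10:00:01 +0000] "GET /node/12?c=8f3a HTTP/1.1" 200 5120
203.0.113.7 - - [10/Dec/2014:10:00:01 +0000] "GET /node/12?c=91bc HTTP/1.1" 200 5120
203.0.113.7 - - [10/Dec/2014:10:00:01 +0000] "GET /node/12?c=0d2e HTTP/1.1" 200 5120
203.0.113.7 - - [10/Dec/2014:10:00:02 +0000] "GET /node/12?c=77aa HTTP/1.1" 200 5120
203.0.113.7 - - [10/Dec/2014:10:00:02 +0000] "GET /node/12?c=b4c1 HTTP/1.1" 200 5120
198.51.100.2 - - [10/Dec/2014:10:00:02 +0000] "GET /node/12?page=2 HTTP/1.1" 200 5120
198.51.100.2 - - [10/Dec/2014:10:00:03 +0000] "GET /node/12?page=3 HTTP/1.1" 200 5120
"""

LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3}) \d+'
)


def parse_log(text):
    """Return a list of (client_ip, path, query) for each well-formed line."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip unparseable lines instead of crashing on them
        ip, url, _status = m.groups()
        parts = urlsplit(url)
        records.append((ip, parts.path, parts.query))
    return records


def find_cache_busters(records, min_distinct=20):
    """Return {(ip, path): (requests, distinct_queries)} for clients whose
    requests to a single path carry at least min_distinct different query
    strings: a tool varying parameters to defeat the cache looks like this,
    a human paging through results does not."""
    totals = defaultdict(int)
    distinct = defaultdict(set)
    for ip, path, query in records:
        totals[(ip, path)] += 1
        distinct[(ip, path)].add(query)
    return {
        key: (totals[key], len(qs))
        for key, qs in distinct.items()
        if len(qs) >= min_distinct
    }


def normalize_url(url, allowed_params):
    """Rebuild the URL keeping only whitelisted parameters, in sorted order,
    so every variation of an unknown parameter maps to one cache key and the
    origin is hit once rather than once per request."""
    parts = urlsplit(url)
    kept = sorted(
        (k, v)
        for k, v in parse_qsl(parts.query, keep_blank_values=True)
        if k in allowed_params
    )
    return urlunsplit(("", "", parts.path, urlencode(kept), ""))


if __name__ == "__main__":
    flooders = find_cache_busters(parse_log(SAMPLE_LOG), min_distinct=3)
    for (ip, path), (total, n) in flooders.items():
        print(f"{ip}: {total} requests to {path} with {n} distinct query strings")
    print(normalize_url("/node/12?c=8f3a&page=2", {"page"}))  # -> /node/12?page=2
```

The detection side is what lets a defender "pinpoint the IP address" as the article puts it; the normalisation side is the real fix, since a cache that keys only on parameters the application actually uses turns the flood back into cache hits. A whitelist is preferable to stripping the whole query string, which would break legitimate pagination and search.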

Source: http://www.net-security.org/secworld.php?id=17771

A rash of Distributed Denial of Service (DDoS) attacks continues to plague the online poker industry. The most recent victim: the Winning Poker Network (WPN), which had to abandon its extremely ambitious million dollar guaranteed tournament on Sunday because of technical difficulties most likely caused by a DDoS attack.

WPN is one of the few offshore online poker networks that still caters to players in the United States. It is not large, averaging only 300 cash game players over the past seven days according to PokerScout.com, so hosting a tournament that guarantees a million dollars in prizes is quite a step. BetCRIS, 5Dimes, and America’s Cardroom are amongst the dozen or so online poker rooms on the network.

The network had apparently been the victim of DDoS attacks a week prior, but it looked like things had gotten back to normal in the days leading up to Sunday’s big event. Wishful thinking, that was. Not long after the tournament started (it did get off the ground without a hitch), a number of glitches started affecting players; things like tables freezing, players timing out, and the like. The network paused the tournament twice, but because the issues kept happening, the decision was eventually made to cancel the tournament about four and a half hours into play with about 45 minutes remaining in the late registration period. Players were presented with the following message at the tables:

Due to circumstances out of our control, we have been unable to provide a stable, fair gaming experience. Many players timed out, while others remained connected. As per our terms and conditions, the tournament has been cancelled and buy-ins and fees have been refunded to all participants.

Naturally, players still in the tournament were furious, having spent all that time playing only to have the tournament shut down, but what really made some people mad was the fact that WPN was simply refunding everyone’s money, rather than distributing the prize pool to those who remained in the event.

On Monday, WPN CEO Phil Payton took to Twitch.tv to let players know what was going on. He looked exhausted and depressed and seemed genuinely upset about having to cancel the tournament. “I’ll tell you what, this is not easy,” he said at the outset.

He continued, “Well, I don’t even know where to start. This has probably – and like you care – been one of the hardest…the hardest week of my life.”

Payton explained the problem the network was having, making it pretty obvious that it was a DDoS attack, even though he didn’t come straight out and use that term. “When you have these internet connectivity issues, you have to filter out the bad traffic that’s coming in, that’s causing the internet connectivity issues, and with that, you filter out some good traffic. Hence, players get disconnected, but the site stays online,” he said.

He apologized for the problems and said that he thought they were in the clear because the attacks had stopped before the tournament, but “Whoever was causing the Internet disconnections was waiting for the million [dollar guaranteed tournament]. The second that it started, it [the attack] started.”

A Distributed Denial of Service attack, in a nutshell, happens when a large number of machines (typically a botnet of compromised computers, or volunteers running attack tools) flood a target, in this case the WPN server(s), with connection requests or junk traffic. The volume overwhelms the machine or the network links in front of it, so legitimate requests are dropped, the service slows to a crawl, or the system has to be reset. The “distributed” part is what makes it hard to deal with: there is no single source to block, so filtering the bad traffic, as Payton described, inevitably catches some good traffic too.

The million dollar guaranteed tournament has been rescheduled for February 22nd.

Source: http://www.pokernewsdaily.com/ddos-attack-hits-winning-poker-network-forces-cancelation-of-million-dollar-guarantee-26513/

For some organisations, persistent attacks have become a permanent state of attack, according to a new report.

The number of companies under constant cyber-attack has rocketed from four percent last year to 19 percent today, and it is no longer a one-off but a deliberate method of attack. Yet more than half of companies (52 percent) in a recent survey say that they do not have the resources to tackle around-the-clock attacks for more than a day.

Talking to SCMagazineUK.com on the launch of its ‘Ring of Fire’ survey, which tracks cyber attacks and predicts the likelihood of attack on major industries, Adrian Crawley, regional director for the UK and Ireland at Radware, explained: “It’s a mix of volumetric network attacks as well as application attacks – about 50:50. The volumetric attacks are increasingly using DNS amplification and reflection techniques so that minimal information is initially sent, but it’s amplified 100, or even 300 times. It’s easy to do and attacks are rising from 10GB to 50GB, with many up to 100GB and some even larger. They are also lasting longer and some organisations are under constant attack. They are larger, last longer and use a mix of vectors.”
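The amplification and reflection Crawley describes can be made concrete. The following is an added example, not Radware's code or anything from the report: it builds the smallest DNS query an attacker can spoof from a victim's address, works out the bandwidth amplification factor a large answer yields on the wire, and then runs a simple detector over constructed flow records to find hosts that are receiving far more DNS response traffic than they ever asked for. The flow-record layout, the addresses and the thresholds are assumptions for illustration, and the 3000-byte answer size is a stand-in for a large ANY or TXT response rather than a measured value.

```python
"""Added example (not code from the report or any vendor): DNS amplification
arithmetic plus a reflection-victim detector over constructed flow records."""
import struct
from collections import defaultdict

QTYPE_ANY = 255          # ANY answers were historically the largest
IPV4_UDP_OVERHEAD = 28   # 20-byte IPv4 header + 8-byte UDP header


def build_dns_query(name, qtype=QTYPE_ANY, txid=0x1234):
    """Raw bytes of a minimal DNS query: 12-byte header plus one question.
    RD=1 and no EDNS0 record, i.e. the smallest packet an attacker can send
    with a victim's spoofed source address towards an open resolver."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.strip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS IN


def amplification_factor(query_len, response_len, overhead=IPV4_UDP_OVERHEAD):
    """Bandwidth amplification factor on the wire: bytes the reflector sends
    to the victim per byte the attacker had to send."""
    return (response_len + overhead) / (query_len + overhead)


# Constructed flow records (src, sport, dst, dport, proto, bytes); sample
# data, not a real capture. 192.0.2.0/24 plays the role of "our" network.
SAMPLE_FLOWS = [
    # Three open resolvers each pour large answers at 192.0.2.10, which never
    # sent them a query: the queries carried its spoofed address.
    ("198.51.100.5", 53, "192.0.2.10", 4444, "udp", 3028 * 5000),
    ("198.51.100.6", 53, "192.0.2.10", 4444, "udp", 3028 * 5000),
    ("198.51.100.7", 53, "192.0.2.10", 4444, "udp", 3028 * 5000),
    # An ordinary client: small queries out, modest answers back.
    ("192.0.2.20", 51000, "198.51.100.5", 53, "udp", 57 * 200),
    ("198.51.100.5", 53, "192.0.2.20", 51000, "udp", 250 * 200),
    # Unrelated TCP traffic that the detector must ignore.
    ("192.0.2.10", 443, "203.0.113.9", 50000, "tcp", 100_000),
]


def summarize_dns_traffic(flows):
    """Per host: bytes received from UDP/53 versus bytes sent to UDP/53."""
    stats = defaultdict(lambda: {"in_from_dns": 0, "out_to_dns": 0})
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if sport == 53:
            stats[dst]["in_from_dns"] += nbytes
        if dport == 53:
            stats[src]["out_to_dns"] += nbytes
    return stats


def flag_reflection_victims(stats, min_bytes=1_000_000, min_ratio=10.0):
    """A host receiving a lot of DNS 'answers' while sending almost no
    queries is on the receiving end of a reflection attack. Returns
    {host: response_to_query_byte_ratio}; inf means it sent no queries."""
    victims = {}
    for host, s in stats.items():
        ratio = s["in_from_dns"] / s["out_to_dns"] if s["out_to_dns"] else float("inf")
        if s["in_from_dns"] >= min_bytes and ratio >= min_ratio:
            victims[host] = ratio
    return victims


if __name__ == "__main__":
    q = build_dns_query("example.com")
    print(f"query is {len(q)} bytes; a 3000-byte answer amplifies "
          f"{amplification_factor(len(q), 3000):.1f}x on the wire")
    for host, ratio in flag_reflection_victims(summarize_dns_traffic(SAMPLE_FLOWS)).items():
        print(f"reflection victim {host}: response/query byte ratio {ratio}")
```

The asymmetry is the whole point of the detector: a legitimate resolver client always has outbound query bytes roughly proportional to its inbound answers, whereas a reflection victim has answers with no queries behind them. The same per-host bookkeeping, read the other way round (a host on your network sending far more from port 53 than it receives), finds open resolvers being abused as reflectors.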

It was also noted that these attacks are dynamic, with Crawley citing one retailer that blocked all traffic from Russia during an attack; the attackers changed location on the fly and the attack then came from China.

Sarb Sembhi, director at STORM Guidance, commented to SCMagazineUK.com: “The trend is that attacks will be far more sustained than in the past, especially DDoS. With increasing use of broadband, going forward, companies that didn’t used to need instant response will need to look at getting that capability – and this trend will continue.”

Among leading targets are ISPs and hosting companies. As Crawley explained: “Although ISPs are set up to handle volume attacks, these attacks do cause degradation in the network and create a distraction so that lower volume specific application level attacks occur at the same time. And the attackers use tools to automatically change the type of attack as the attack goes on.”

Sembhi adds: “ISPs and hosting companies are attractive targets as, with EU rules on data retention, if you hack an ISP or hosting company, for every customer, there are also their customer details so it’s a high-value target.”

For other companies, off-loading volumetric attacks to a cloud scrubbing service is seen as a good response, but Crawley emphasises that a multi-layered approach is needed, because application-layer attacks such as Slowloris, which look like real users and go for the server itself, will still get through, so it is necessary to tackle both types of attack.

For the same reason Crawley notes that: “It’s necessary to have the right personnel and not just rely on technology – whether that’s in-house staff or external emergency response teams. You do also need automated processes to protect and mitigate attacks, with an emphasis on reducing time to mitigation via automation, down to around 10 seconds using some providers. But you still face zero day exploits and that’s where you need intelligence as well as technology.”

The only vertical becoming less critical was financial services. This is not because it is less under attack but because the sector has taken measures to tackle the problem over the past two years, and had the capability to employ people and deploy technology. Operation Ababil, which lasted seven months, and legislation in the US and UK have also given firms more incentive to come up with DDoS mitigation solutions. So while financial services do face more sophisticated attacks, including encrypted attacks, they are less targeted as attackers go for the low-hanging fruit.

However, Sembhi notes that the financial sector has had so many attacks over the last few years that there is a glut of financial details in the market, with more than 1 in 5 US card holders having had their details compromised. Credit card data for sale has seen prices forced down as a result. “This could also explain increased interest in health and mobile data sets,” says Sembhi, adding, “The criminal business models have changed and are similar to those of legitimate businesses such as Google and Amazon in that they want to collect all the data about you that they can and this data contributes.”

In contrast, the education sector is under increasing attack, and it is having a financial impact, with grants for institutions dependent on hitting research deadlines which were not met due to degraded systems.  The motives are more varied – in some cases even people worried about exams taking down the exam site.

While retail has stayed static globally, it is increasingly targeted in the UK. One retailer had 20 percent of its resources tied up with an attack in the week leading up to Black Friday, the attacker apparently testing its network ahead of a period in which it would expect to make 50 percent of its sales.

Gaming sites have seen an increase in attacks, and not just from individuals taking revenge for losses, but also competitors – causing a site to go offline or be unusable, so traffic would go to its own near-replica site. The perpetrators may be in jurisdictions where they are not reachable, or are not spoofing the original site, just providing an alternative to benefit from a take-down.  Sembhi comments: “Criminal businesses are trying to out-do each other and so these increases will be seen for some time before it goes down, and as each competes against the other they up the ante. Also, gamers are likely to be more tech savvy and use their expertise to find and take advantage of any holes in the games.”

Government remained a central target and is expected to remain so, for hacktivists, foreign governments, and for financial gain.

Sembhi also observed: “It’s surprising that energy and utilities are put as being at a low likelihood of attacks. This could create a false sense of security as they are targets for both hacktivists and state sponsored attackers, so while the numbers of attacks may be fewer, they face more capable adversaries.  Also, unless their kit is brand new, it could be two to five years old, or even 10 to 15 years old with SCADA systems, so they are difficult to patch and use the technology model that existed at that time with just some software add-ons.”

Crawley agreed that the Internet of Things (IoT) will provide more opportunities for attackers to cause havoc and increase the complexity of attacks, requiring a stronger and more sophisticated perimeter. He told SC: “The IoT is a really challenging area, and a real asset to attackers, with more exposure, especially for amplification and reflection. And App attacks are becoming more complex and difficult to mitigate against. Volumetric attack bots are still in evidence in Russia and China, but the source of attacks is dispersed, with people hiding behind CDNs (Content Delivery Networks) – which have become an attacker’s tool.”

A disturbing trend identified is attacks such as that on Boston Children’s Hospital, which put lives at risk, and Crawley says we can expect to see more of this type of attack. In a press statement, Carl Herberger, vice president of security solutions at Radware, adds: “The healthcare industry was pre-occupied by the threat of death – it’s a scary thought to consider the possibility that life support machines or pacemakers could be taken over and shut down by hacktivists using legitimate routes to get in.”

Source: http://www.scmagazineuk.com/constant-attack-a-growing-reality/article/388143/2/

The recent string of malicious attacks against Sony Pictures by the hacker collective Guardians of Peace has resulted in a range of personal and at times embarrassing information being leaked to the public, from internal emails discussing Angelina Jolie and President Obama, to competitive secrets and upcoming movies like Annie. Reportedly, Sony hasn’t taken the situation lying down: some sources claim that the entertainment giant has conducted a retaliatory, large-scale DDoS attack against the websites hosting the leaked information.

According to unnamed sources speaking to Re|Code, Sony is “using hundreds of computers in Asia to execute what’s known as a denial-of-service attack on sites where its pilfered data is available,” via Amazon Web Services, which has data centers in Tokyo and Singapore. The idea is to disrupt downloads of sensitive information, the sources said.

Sony has declined to comment on the story. But what, if anything, would such an approach accomplish?

“If, in fact, Sony is planning retaliatory attacks against websites that are keeping their leaked information, this probably won’t stop hackers from attacking them; it may only spur them to greater action,” said Marc Gaffan, CEO and co-founder of Incapsula, in an email.

That said, there’s no doubt that DDoS attacks are also very costly to the victims. Incapsula found that just one hour under the gun of a DDoS attack can cost a company upwards of $40,000. And, thanks to the abundance of cloud infrastructure for hire, it’s not difficult to initiate the attacks.

“However, launching DDoS attacks is illegal, regardless if it is in response to an attack or in self-defense,” Gaffan said. “While these types of attacks are effective in shutting down websites, it will also impact innocent parties that are caught in the line of fire. If Sony is fighting back, we hope that they are better prepared to thwart these attacks than they were two weeks ago.”

As we previously reported, it’s believed that North Korea is behind the incident, in retaliation for the release of the comedy The Interview, which features Seth Rogen and James Franco as hapless journalists recruited by the CIA to assassinate North Korean leader Kim Jong-un. Pyongyang has called the film “an act of war.”

Sony chiefs Michael Lynton and Amy Pascal have sent an email to employees noting that the company was still examining the full extent of the attack, which resulted in the leaking of upcoming movies like Fury and Annie online, as well as the lifting of various corporate data. It also wiped out data on a swath of its network.

Source: http://www.infosecurity-magazine.com/news/posthack-is-sony-dishing-out/

A hacker speaking for Anonymous has backed PSN in the wake of last night’s attacks on Sony’s and Microsoft’s servers.

A video posted on YouTube has Anonymous coming to PSN’s defense, demanding that Lizard Squad cease its attacks on gaming servers or face retaliation from the hacking group. Lizard Squad recently claimed it was responsible for the recent DDoS attacks on both the PlayStation Network and Xbox Live.

The video shows a masked man demanding the Lizard Squad discontinue its attacks on the servers, if it is really the cause of the service disruptions. The man warns Anonymous will come after them otherwise.

“You have made countless threats against Xbox Live and PlayStation Network. You have taken down their servers with relentless Distributed-Denial-of-Service attacks.”

The video could be a genuine threat from Anonymous, though it is not officially hosted on the Anonymous YouTube channel. It’s also possible the video is a hoax.

“If you continue to attempt to attack the gaming communities we will take action against you. What you are doing is wrong. You are taking away the fun and enjoyment of children as well as adults. You have no real reason for taking down their servers. Your only goal is to see how far you get without getting caught.

Quit while you’re ahead because the FBI is watching you and they will find you and Anonymous will help and support them. You said your next attack on Christmas Day. We will stop at nothing to ensure that you never attack the gaming communities again. You have been warned. We are anonymous. We are legion. We do not forgive. We do not forget. Lizard Squad expect us.”

Anonymous coming to PSN’s defense follows last month’s attacks on Sony Pictures’ servers, which resulted in data being stolen and uploaded to file-sharing websites. The FBI is currently investigating the attacks, and has previously announced that it is close on the heels of Lizard Squad’s identity (psu.com).

Source: http://www.kdramastars.com/articles/59850/20141208/anonymous-psn.htm